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mm 

(1) *i*n£.fit,<D y t. IT, 

[»u 

• p, g: prime numbers 

• • • (|jqjjr ^ 

• s e Z (gh* = 1 (mod p)) 

fcSfiFSBSHfctt (p,q,s) &ffr£U 
[»2] 

• p, /i, fc € Z (0 < g, h < n) 

• • • (&2) 

• n = p d q (d>l) 

%z>mm&mm (n,g,h,k) &ffr&b (*au k» P ,q©tr^ h*) , 

(2) ffjfE^'ff#Ji, mm&mm (n,g,h,k) £M^T, SLi$rr (0<r<2 k_1 ) £S 
£>\ iUHB^ffi^-^m (0<m<2 k_1 ) {CC^T, 

[»3] 

C = mp r mod n, _ 
D = h r mod n 



(3) WSBSff^tt, ItflBftaJtt (P,q,s) &MV*T, 

m = CO* mod p, " • • (lfc4) 
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T, 

(l) «ffl[«4j«©^fy^i:l/T f 
[»5] 

• g:prime numbers 

* • * (i&5) 

• 5 € Z (pA s = 1 (mod p)) 



[»6] 

• g, h, k € Z (0 < g, h< n) 

♦ n = jf*q (d> 1) . . . gS6) 

* / : one-way function 



teZlkfflm (n,g,h,k,f) &#j£b (fib, kte P ,qtf)bfy b*) , 

(2) mu&mm (n, g ,h f k,f) zm^x, zim (o<r<2 k_1 ) zmxf 

, xkig-T—fi* (0<m<2 k_1 ) ICO^T, 

[SK7] 

C = m« T mod n, 

• • • (ifc7) 

D = h r mod n 



£ Si-JSC b, &^HK£K=f (m)JC J: Uft^b, BufEft^^C,D£fuiE^M#lCj£fs 
b, 

(3) |&gBS^fg#tt, tirgB%&» (p,q,s) *m^T, 

[»8] 

m = CD S mod p, • • • CR8) 
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mmmc= {*ez/(n) Ni-R^Tt;} ©^§3&ffi»L $:#07n i zm&x 

£ = f° mod n, /»=^modn • • • G&9) 

[«1 0] 

a + s£ = 0 (modi) •••CR10) 



(l) fuiB®«t£ IT, 

mi l] 

• p, g:prime numbers 

• • • 0R11) 

• s 6 Z (pft 8 = 1 (mod n)) 



[»1 2] 

• ft, fc e Z (0 < g, h< n) 

• n = pg 



GK12) 
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(2) mm^it, Mrr (o<r<k> rnrn^-***, 

[113] 

C = mf mod n, . . . «i 8) 

D = h T mod n 

(3) 

[RU] 

m = CD S mod n, •••<*! 4) 



g{g#tt, *PII¥G= jx£Z/(n) IxtiBT^^} <D:*£&&f£L ?:^a5T;f 



115] 

p = £° mod n, h= mod n 

mi 6] 

q + 5/3 = 0 (mod L) 



mi 5) 



QR16) 



£ & £ <fc -9 IC s $:SStftS^T-^^*fil^.6 
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117] 

mi — CD' mod p, 
m.2 = CD 3 mod q 



m.17) 



[»18] 

o = l (mod p), 
6 = 0 (mod p), 



a s 0 (mod 9) 
6=1 (mod 9) 




G&18) 



a, MC*fbT, 



[»19] 



m = ami + bm.2 mod n 



(819) 




(1) ifiM©^f>^tLt, 

[120] 

• p, g:prime numbers 

• • • G&2 0) 

• so, si € Z 

&£iiuf3l&$it (p,q,sO,si) &fls/£U S^lc, 
[»2 1] 

• S,MeZ(0< Jl k<n) . ^ .<*2 1) 

• n = p d q (d> 1) 
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#3* i 1 -0 2 1 2 5 4' 



tezmm'Amm (n,g,h,k) zftmv (fit, mp,q<D¥y h«T*&y, 

*iai + 0 = O (modi) (0<«<1) •••«2 2) 



(2) tufBizHt^te, ffimtemm (n,g,h,k) &/§V*T, SLRr (0<r<2 k_1 ) £5! 

t>% l<fgH3cl'ff-T r -^'n (0<m<2 k_1 ) ICO V\Tm=mO+ml £ & £ J: ? \Z =y > #A ICmO ,m 

[»2 3] 

Co = > 7 *off <1<>r m °d n i 

Ci = ro^'nodn, ---aWS) 
D = g^ T mod n. 



(3) iufB^M^te, l&SB3fe!B«t (p.q.so.si) &fl§v*T, 

[»24] 



frjfB*HI#l£, BtjSB^^-^m (0<m<n) lC*fbT, Kfffiffip^t^SslCTI© 

-ti(co,ci,D)$:{ML, S«i£^:fc(co,ci,D) U 

[»2 5] 

m = CqP*' 0 + CiD 31 mod n • • • (f£2 5) 
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T, 

(1) ifi4^©7f yzftl L/T, 
[&2 6] 

• p, grprime numbers 

fc*5BM£H (p,q,sO,si) &tfM*U ££>(c, 
[Si 2 7] 

• 9.h 1 Jt€Z(0<ff,l!<n) 

• • • 0R2 7) 

• n = j^g (d > 1) 

• / : one-way function 




ft&'Amm (n,g,h,k,f) £ffr£L (ib, kttp,qCD^*;hfif&y, 
tilt 2 8] 

«,-<* + 0s 0 (modi) (0<t<l) •••GR28) 



(2) mm^it, mm&mm (n, g ,h,k,f) &jbv*t, zimr (o<r<2 k_1 ) 

, iUfs-r-^m (0<m<2 k_1 ) IZ~D m=mO+ml £ <£ ? tC =y y AtCmO ,ml £S1 
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[»2 9] 



0> 




• • • ®[2 9) 



&ttlb, #WttK&K=f(B)lC<J:yfff-#U tufBftm^(CO,Cl,D)$:|tf|H^fg# 

(3) taiH^fs#ii, mmm^m (p,q,so,sn &m^t, 

[«3 0] 



(i) mmm^mo^^vy'tLx, 
ms i] 



m = C 0 D S ° + Ci D* 1 mod p 



• - • m.30) 



• s € Z, p/i* = 1 (€ Jif) 



• • • @*3 1) 



• H: subgroup of G 



& £ tut H»?B 



(s,H) &tfM£U 3*>K: 



[»3 2] 



• g r h€G 



■ - ■ m3 2) 



• G : finite group 



te&mm&mm (g,h,o &^mu 

8 ajSE# 2000-301157 
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-#m (mGH) (CO^T, Bf#:£C,D£ 
[»3 3] 

C = mV (eG), . . -(gc3 3) 

D = h T (eG) 




tcTtmu, Ki^#:£c,D£iiffi3^fi#{ciit#u 

(3) iufE£fl#te, tufE^il (s,H) £J§V^, 
[g5C3 4] 

m f = CZ>* (€ H), ' • • 8^34) 



[fjf^l 1] 

x, 

0 • 5 € Z, = 1 (e H) 

• • • (m.3 5) 

• H : subgroup of G 

te&mmm (s,H) £f£/*U $ <Mc, 
[£fc3 6] 

• g,h €G 

• G : finite group • • • (g£3 6) 
o / : one-way function 

te&'Afflm (g,h,G) £ffr&U 

(2) tuiB^TO (g,h,c) zm^x, $mr*mzf, IuIBMMt-*-* 

9 tBSE#2 000-301 157 
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m (m£H) tCC^T, ff -5§-:£C,D5: 
[«3 7] 

C = mV (eG), ••• 08:37) 

D = h r (eG) 



(3) ffjfB^t#&, l&IEftaftt (s,H) &J§V*T, 
[»3 8] 



08:38) 



mmizMfo-f zm^mt: %\<^-z , ut it $ ti ^ m ib at \ s -r - * & & -*§- it t & y A m 

(l) iff^^ff^iil/T, 

[»3 9] 

• p, grprime numbers m . . ^ 3 g) 

• s £ Z (pfc* = 1 (mod pg)) 

3&SI5IHM» (p,q,s) feffrSU 2"b&c, 
[»4 0] 

. s ,MeZ(0<j,h<n) •••0R4O) 
• n=p d q (d> 1) 



1 0 £BSE#2 000-301 15 
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(2) MfH3Ht#te, mm&mm (n,g,h,k) Zm^T, SL$[r (0<r<2 k_1 ) £ 
XT, BtffS^'gT-*- (0<n<2 k_1 ) tCO^T, Bg-^lfcCDS: 



[£fc4 1] 

C = m g r mod n, • - • G&4 i ) 

D — h r mod n 




(3) tirfBSMii, (p,q,s) zm^x, 

[WL4 2] 

m 2 = CD 3 mod OT , * * *«4 2) 



T, 

(1) ttflfa^O^ff^illt, 




[g^4 3] 

• p. q:prime numbers 

• s G Z (5/1* = 1 (mod pq)) 



®C4 3) 



(P,q,s) &ffr£U SfelC, 

[^C4 4] 

• 5, ft, Jfc € Z (0 < h < «) 

. n = A (d > 1) •••GK44) 

• / : one-way function 



&54*BMi (n,g,h,k,f) fcffrSl, (ffiU k& P ,qtf)tfy h^k) , 
(2) f&gB4fcB8(* (n,g,h,k) &Mv\T, SL^r (0<r<2 k-1 ) «r3gae, 

&iB?-*m (0<m<2 k_1 ) ICO^T, Hf-&:fcC,D£, 
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l 1 — 021 2 5 4~ 



[»4 5] 

• - • (©[4 5) 



C = m 2 g r mod n t 



D = h r mod n 

fCTftHU ^ilK£K=f (m)(c <fc UltlfU fyfBft®^C,D$:Stj|H^#lC^ 



(3) lufB^##«, tirffi&ffcfc (p.q.s) £JBv^T, 

[»4 6] 

m 2 = CD* mod pg, * ' * ^ 46) 



m)lC J: *J tfUL-TS 

irjfBM%&, t&SEiSfS"?-*" (0<m<n) lC*fUT, ffjiEB£-if ffc^SHCTfu 
[&4 7] 

m 2 = CP 1 mod n. • • • <K4 7) 



3 n z ®m t * & & mm m -*§■ \ t -n & „ 

[0 0 0 1] 
[0 0 0 2] 

1 2 £BIiE43 2 000-30115 
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[0003] 

m m h j: t> t -r & mm] 



MftM mm & # *i « * 



^^m^mm^m<^tx^mi<Dm^m^m^ztiti-m^^mmtB^ 

[0004] 



[0 0 0 5] 



[0006] 

^CiKlO©H&-t^^JCJ3WSgP45'«iaSJCji*"tS^^tt (semantic securit 

y) ti, XiKlOcfI^cTSilStlTv^^>p-«|J^raJS©Hj8ltti:^8 ^ fll^T*>«i:LT 



1 4 
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[0 0 0 7] 
[0 0 0 8] 

[0 0 0 9] 
[0010] 
[0011] 

fiWHmtt* 5: ?«stiTv%-6SS[a&fi&raffl(NPraH)i:^« (*fet±j^±) 

^^«SES*ifc^BBIIS:ffl^fcBff^b*&fc«[^b*?5fei:> *ft&J§^fctt 
BBja^SS^fc!^;^ 3ft*>CD5&'i£S:ll*?'t5:/n$''9£u §£S£ 

v ^ 9- A £ H £t & 3 £ T- & S . 

1 5 2000-301 157 
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[0 0 12] 

[0 0 13] 
[0 0 14] 

[0 0 15] 

JhsSSlft£ St/Si - #5&9§Bu JeAT©4#«&fllAS. 
[0 0 1 6] 

[0 0 1 7] 

(2) %Mmkm(DfGT*(Dm£MWt<£>mmflc^ Diffie-Hellman&£fig®<Z)Bi| 
tth^tifiT-&£ (Diffie-Hell«anSilj£raa©fflSH£lCoVATli, ifctRll rv.Shou 
p.: Lower bounds for discrete logarithms and related problems. In Advanc 

es in Crypto logy-Eurocrypt' 97 (1997) J ££^T, * ©ffljiffi*^ 2®$ *lT ^ 
[0 0 18] 

1 6 2000-301 157: 
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[0019] 

[0 0 2 0] 
[0 0 2 1 ] 

[0 0 2 2] 

[0 0 2 3] 
tit, 

[0 0 2 4] 
[»4 8] 

• j?, g:prime numbers ^ . , ^ 4 8) 

• s € Z (ph s = 1 (mod n)) 



[0 0 2 5] 



1 7 
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[0 0 2 6] 



[»4 9] 

• g, h, k € Z (0 < g, h< n) 



• • • (f&4 9) 



• n = p d g (<f > 1) 

[0 0 2 7] 
[0 0 2 8] 

i£fg#te, £Lffcr (0<r<2 k_1 ) EHg-^-** (0<m<2 k-1 ) &, 

[0 0 2 9] 
[1*5 0] 



[0 0 3 0] 

[ 0 0 3 1] 

[0 0 3 2] 
[15 1] 

m 2 = CD* mod pg, • • • CR5 1) 

[0 0 3 3] 



C = m g r mod n, 
D = h r mod ra 



• • • GR50) 



1 8 
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[0 0 3 4 ] 
[0 0 3 5] 

[0 0 3 6] 
^ [0 0 3 7] 

^^>t°a-^ (jkt, zfcitgmmwmmt&^o) 200 

[0 0 3 8] 

flg#ft#<ffi!^glOOtt, CPU101, *^U102, ii«^«103, ^*104iC<J:oT« 

w [0 0 3 9] 

l©-^'fb#«(R«100<Z>^ i EU102tt, ^^E Ul02«^##:|B'It^g^/\- 

[0040] 

IH^HlC. tt-tft^fflgSflKOOlCfcj:, CPU20K ;*^U 202. it^^fi203, A*204 

©MtS« IC#- R £ ilfl £ £ - IC#- KU-*f • 4 #205# 

AX204£^£*lTV^ o 

1 9 ffiHE#2 000-3011571 
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[0 0 4 1 ] 

[0 0 4 2] 
(HJfeffil 1) 

*S|j6fltt, *yiz-*?<Z)2lte#A#g«#BK:*fLT, SHI^-*" (0<m<2 

k_1 ) zm^mmz. £^>xmmi-z>Wi&iz-D^xm®irz>o 

[0 0 4 3] 

i. mmm%.Mm 

[0 0 4 4] 
[ft 5 2] 

♦ p, g:prime numbers . . . ^ 5 2 ) 

• s € Z (p/i* = 1 (mod p)) 



[0 0 4 5] 

[0 0 4 6] 
[»5 3] 

tj,U6Z(0<j,/i<n) • - • (jR5 3) 

• n=p d q (d> 1) 



[0 0 4 7] 

&6^H§'lif# (n,g,h,k) (fib, klip, qffl^hfim. ) S:f^«i-S 

o 
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[0 0 4 8] 
[0 0 4 9] 

$[r (0<r<2 k_1 ) £^>#*AlCjg,$* 0 $ £ ffl3#§gg400fe6 W*, 
3S«200}^e>«e>*l*±ffi^||B«f*2006i:, ^^^B#®1002, »jft?SI»#SlOO 
3££M^T, I|f-^«(0<B<2 H ) lC*fi-SBt^35CC, D £ 
[0 0 5 0] 
[»54] 

C = m9 f mod n, . • • (j££5 4) 

D = h T mod n 



[0 0 5 1 ] 




[0 0 5 2] 



[0 0 5 3] 

(2) ^ffi#M§£fi200lC£^T, «-iHfc#IB2004Wu ^£fH#i 
#182003 £ , 4%& S tiT V* S_tSBf&?Bflt*|2007 h £ ffl V > T , 
[0 0 54] 



#^2002, 



[»5 5] 



m = CD 5 mod p. 



(15:5 5) 
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[0 0 5 5] 
[0 0 5 6] 

±fiE:$Cigfc9 :£i8K2 {CfB^0Rf-^#&&C£^T, semantic security#Dif 

* ¥^©as^«*(^&<fct>ft*011^y h)&#&5&#«?Sli#Diffie - Hell 
■an&£RHH£R|*gEtCHI*'r&*£i:, -ffcfctu IB Semanticall 

[0 0 5 7] 
fcfc. Diffie-Hell«an^jere||i:Ji, 
[0 0 5 8] 
[R56] 

J? : (g x mod n,^ mod n. <? 3 mod n) g, x, y, z are random • • • (ffc5 6) 

[0059] 

[0 0 6 0 ] 
[»5 7] 

Z> : (y* mod n,g y mod n, p 3 ^ mod n) g,x,y,z are random • • * 7) 

[0 0 6 1 ] 

[0 0 6 2] 
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[0 0 6 3] 
[»5 8] 

h = g a (modn) * " ' (1*58) 

[0064] 

[0 0 6 5] 
[»5 9] 

{C/riH mod n, A, £>) (0 < i < 1) • - • (&5 9) 

[0 0 6 6] 

[0 0 6 7] 

itltCJ: »J, ®^«PK©HI*tt^Diffie-HellMn^feKJH©BilKtti:3i) | C«f'fi|fT 

[0 0 6 8] 
[0 0 6 9] 

^mjwumt, &fefti-c\tte<, mmwx*}tbz>„ iot, *r & -£ 

2 3 ffifiE# 2 0 0 0 -3 0 1 1 5 7; 



fisp. l 1 — 021 25 4 



[0 0 7 0] 

[0 0 7 1] 

2) 

fc©"e&*. iniciU, ^te^fcgte^RlTftt&^&fT^i: 

ttfl9&^*S^**a*?«l-&^:*»*S ! !FS'&v^*&f^»J. fglfr left- 
's £:£tt£?i^-t<£> o 
[0 0 7 2] 

$!li£S200CO^-5Ht 3^2004, ^£ffl|t#©2002, *!l&$ftl¥#©2003H:fe < T % 

4^5 2*1 005* T^U^T-S/a>B^D ?*^A2005£, BHC^ti 5 •fii x. ^> % CO 

[0 0 7 3] 

1. tttif«£j£*G!3i 

^#>, g'ff#{i^S200t*I©iS^#|g200Hi ) 
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[0 0 7 4] 

me 0} 

• p, g:prime numbers 

• • • (3&60) 

• n € Z (<?/i a = 1 (mod p)) 




[0 0 7 5] 

*s*»«&«58 (P,q,s) £f|Hj&U 
[0 0 7 6] 

[»6 1] 

• , ft, A € Z (0 < A < n) 

• n^j/q (d>l) • • • 0R6 1.) 

• / : one-way function 



[0 0 7 7] 

fcS&BMMR (n,g,h,k) (f U KJip, q<D\Z*j h&&&-t. ) fc^f^-T^ 
[0 0 7 8] 

[0 0 7 9] 

(1) &te#W3£SlO0|*<&B|F#fl:#J£lO04«:, &S£j£^Sl001&ffiV*TSE8[r 
(0<r<2 k_1 ) ^^AfCSgfls d>HM2006. ^fl3l#m002, 
®1003&JBV%T, stff-r-#m (0<m<2 k_1 ) &C*f"t£B£-^-;£C, D £ 
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[0 0 8 0] 
[86 2] 

C = mg T mod n, 
D = h r mod n 
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(gfc6 2) 



[0 0 8 1 ] 
[0 0 8 2] 

^ £<blC, Bf#^CC, D?:M{fi^gl03?:MVNTii^lHl^300$:^LT^fg#B(D 

S«#«I««200K:SHi-r6o 
[0 0 8 3] 

[0 0 8 4] 

(2) gfe#WSSifi2007?B:, IC*- K500rt©tt-^-ffc#S5004^ *=EV5021Z 
fiJ^StlTV^S±IB»afft#2007^, ^$^^#^5002, i!l£c?f|jr#$5003£ £ 

♦ [0085] 

[86 3] 

f7i = CD* mod j>, • • • CS6 3) 

[0 0 8 6] 
[0 0 8 7] 

3£{c, ICA- K500W©— ^|fiittBBS5[#S5008ii, &g8fil$g"eS>S— ;frGM£ 

&»f ^?>^ai«tK&K=f («)tC <fc Uft^U IC#- K500^e>mS:m*-r6 3i: 

&<, K?rgM#M^«2ooicm^-rs 0 



2 6 



miE#2 000-301157: 



ijf 3p 11 — 021254 



[0 0 8 8] 
[0 0 8 9] 

htC«k»;, (0<m<2 k_1 ) Sr^SP^ffi;*} L&^„ 

[0 0 9 0] 

[0 0 9 1] 

[0 0 9 2] 

[0 0 9 3] 

3) 

#> © H fit $6 £ J* © # & J c o v x T J£ ^ 5 . 

[0 0 9 4] 

gte#fflg«200ft©«£fR^J£200m, ^RR»G= {xez/(n) IxttnTafiTC} 
S&filfcLSr^OTcS Sr^tf (fib, Z/(n) ten&&£ -f ^>PJ^^, L I ©flrgf 

2 7 mSE4# 2000-301 157 



#3JZ i 1 — 02 1254 



[0 0 9 5] 

me 4] 

g = f° mod n, h = ^ mod n - • • (f£6 4 ) 

[0 0 9 6] 

[0 0 9 7] 
[16 5] 

a + sfi = 0 (mod L) •••0R6 5) 



[0 0 9 8] 
«fc O iZ s 
[0 0 9 9] 

Z.<D£%, g, h&C£V^T, /hSfcfiESk (k^2) 
[0100] 
I»6 6] 

fc = fl *mod» •••QR66) 



[0101] 
[0102] 

# JSP £ *f 1" 6 £ ^14 D i f f i e-He 1 1 uan&fe ftfi <D M HI* £. V> flSft ^ © 
[0 10 3] 

2 8 mtiE#2 0 0 0 - 3 0 1 1 5 7 2 



1—02125 



[ 0 10 4] 



[R6 7] 



= g mod n 



• • • (g&6 7) 



[0105] 



[0106] 



[ft 6 8] 



2s + 1 = 0 (mod L) 



' - • (&6 8) 



[0107] 
ICT s fetHM"*. 
[0108] 

[0 10 9] 
[»6 9] 

W — mod n • - • (S>[6 9) 



[0112] 

(04) „ 



[0110] 




• • • m.7 o) 



tfilFff 2 000-301157: 



11-02125 



[0 113] 

d (d ^ i ) om* TKDmmmftMtfMm-v&zmmiz&^T, 

[0 114] 

[0 115] 

[01 ] 6] 

• immm 4) 

[Oil 7] 

1. mmm&j&Mm 



HiSiE4f 2 000-301 1 57: 



#5}Z i 1 — 021254 



[01 1 8] 



[«7 1] 

• p, grprime numbers 

♦ 5 € Z s 1 (mod n)) 



• • • 



&5C7 1) 




[0119] 

fc*8HfcflN8 (p,q,s) fcflsjfcu 

[0120] 

[»7 2] 

• 5, /i,ieZ(0<j,l<n) 



n = pq 



mi 2) 



[0121] 



(n,g,h,k) (fiu klip, qOtf?; h^&SS-r. ) Srflsj*?-* 



[0122] 

{«g2oo'\i£tfir-£a\ whirrs, ^m-r lt. & t * 




[0123] 
2. «Ptt-S--ffc«ia 

(1) mmmmmw.iH&^ik^momt, aR£j£^mooi£«v\T«g»r ( 

0<r<2 k_1 ) £9>*\fctC3a^ 0 SbtC, fg3#&&m;i. §<g#fl!l£S«200# e>» 



&*l*±SB4iBBW $g2006£, ^ 

[0124] 

l»73] 

C = mj r modn, 

D = h r mod n 



.#©1002, *|&SI3l#®1003i: fcfflV*T, 



0R7 3) 



3 1 



ffiliE#2 0 0 0 -3 0 1 1 5 7 ; 



11—02125 4' 



[0 12 5] 
[0 12 6] 

Zh\Z, mp«C, D£®f§^gl03£MV^MtaiS§300£^LT^f§#B© 



[0127] 

(2) S^#{HI61S200lCfeV^T, tt-JHt#®2004Wu ^ 

#m003£u nt ±ffift«lf fit «2007 £ £ ffl , 

[0128] 



©2002, JH& 



[»7 4] 



m = CD 5 mod n, 



(1*74) 



[0129] 

ammm 5) 

[ 0 ] 3 0] 



200ft ©0t£j£#|S2Om, ^Pg|¥G= |xGZ/(n) |x««r^5t;} <Z>* 



[0131] 



[»7 5] 



g = f<* mod n. h = mod n 



• • • 



0R75) 



[0132] 
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[0133] 

HR7 6] 

a + s0 = 0 (mod i) 



GS7 6) 




[0 1 3 4] 
[0 13 5] 

g, h}C^VNT, /jN^&gg&k (k^2) iC^fLT 
[0 13 6] 



[R7 7] 
h = g k 



n 




[0137] 
[0138] 

M I* <0 it >f X £ $ < -t -5 3 £ # HI fg T? & 6 c 
[0139] 

.fcUAftfi&JCtt, |S^:^«;fP» (MxJ*fjlI$0 LSTfift^-rs/hS^-flt^S 
[0140] 



C«7 8] 



h = g 2 mod n 



G&78) 



[0 14 1 ] 
#«1003£JS^T, 



1002, jf^iS 



3 3 



ffi£E#2 000-301 1575 




• 



1 1—02125 




[0 14 2] 



mi 9] 



W = g T mod n 



mis) 



[0 14 3] 



[ 




[0 14 4] 
8 0] 

C = rnW mod n, 
D — W 2 mod n 



(88 0) 



[0 14 5] 
[0 14 6] 

(mrnm 6) 



[0 14 7] 



[0 14 8] 



[|&8 1 ] 

mi = CD S mod p, 
m-2 = CD 3 mod q 



2002, fU^S 



[0 14 9] 



3 4 



2000-3011 57: 
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[01 50] 
[»82] 

a = 1 (mod p), a = 0 (mod <j), 

6=0 (mod p), 6=1 (mod q) 

[0151] 

[0 15 2] 

[»83] 

m = ami + bmz mod n 



®8 2) 



®8 3) 



[01 53] 
[0 1 5 4] 

[0155] 
[8Sf8 4] 

. ir j • • • (»8 4) 

5 mod n, ft mod n 




[0 15 6] 
[01 57] 

(HiSM 8) 

©ft#f*»<Z> fa± * 0 •& © 1? & -5 c 

3 5 ffi!E# 2000-301 157 



1 1—02125 4 



1 . 



[01 58] 



[0 15 9] 
[»8 5] 

• Pi g:prime numbers • • 

• *o> si € Z 



GR8 5) 



[0 1 6 0] 
fc€>M5til« (P,q,s0,sl) £fmU 
[0161] 
[»8 6] 

• « ! MeZ(0< S ,k<n) • .«8 6) 

• n = p d q (d> 1) 

[0 1 6 2] 

*&&mmm (n,«,h,k) 

UEU klip, q (D¥ y hMZMt* si (i=l,2) &, 

[01 63] 
[»8 7] 

Siai + 0 = O (modL) (0 < i < 1) **■ <& 8 7 > 

[0 1 6 4] 
[0 16 5] 

3 6 ffiliE^ 2000-301 1 57 



4#¥ 1 1—021254 



[0 1 6 6] 

2. m'&^it&m 

ifcr (0<r<2 k_1 ) Z^yfJzlzm&o £ £ tC, j£fg"r-*" (0<m<2 k_1 ) JCoVxT 

m=mO+mlh&& ^ O IZ^ > ^ ^iZtaO ,tal^mSo ZblZ, H3#{}l!JI£fi400& £ 

Sfg#fllS*200^e>»b*lS±IB^B8fiia2006i:, ^^^##©1002, gg&ft 

B#Jgl003&J§V^, *"fc#r*W-32:C<>,Cl,D;fe 

[0 16 7] 

[^C8 8] 

Co = wjofl aor mod n, 

Ci = m^'modn, •••GR8 8) 

D = gP T mod n, 

[0 1 6 8] 
[0169] 

$ lip■&*CO,Cl,D*ii^gSI«103S:M^^TJi'file^i»300S:^•L/TS^S#B 
[0 17 0] 

(2) gfMMW3£fi200K:;i3V^T. ^^-fb#^2004i±. 4R#LT^£±8Eifci!Bflf 
3S2007 1, ^£*3¥#©2002, !8fjfcSIJ*#©2003fc3:;BV*T, 
[0171] 

[»8 9] 

m = CoD 30 +CiD a ^ modp •■•QR8 9) 

[0 17 2] 
[0173] 

3 7 ailiE# 2000-301157 



#5(1 11 — 02125 



[0 1 7 4] 

(HSJfcM 9) 



[0 17 5] 

i. n^^s 

[0 17 6] 



[»9 0] 

• Pi <z:prime numbers 

• sq.si € Z 



«9 0) 



[0 17 7] 

&z>m&mm (p,q,so,si) 

[0 17 8] 
[»9 1] 



g, h, k € Z (0 < g, h < n) 



n - p d q [d > 1) 

/ : one-way function 



<R9 1) 



[0 17 9] 



(n,g,h,k,f) 



OfBU kttp, q©bf y hfi^t, si (i=l,2) tt, 



3 8 



a}fE#2 000-30 1 1572 




11—021254 



[0 1 8 0] 

[R9 2] 

SiOi + = 0 (mod L) (0 < i < 1) 



(&9 2) 



[0 1 8 1] 
[0 1 8 2] 

[0 1 8 3] 

2. ftttitrnm 

(1) ^##{B!l^SlOO|^©HiP#'fl:#^1004«, SL»£j*#m00l£:J8^TSI»r 
(0<r<2 k_1 ) Zvyf^lzmSo ^blZ, miST-** (0<m<2 k_1 ) {COVNTm=m 
0+ml£&£J; ^lC^>^fAlCmO,«lS:3i^o £ tC, 8§3#M^tt400& £ Hfcfcg 
^#{iI£fi200frM#£>*l6 JhlE^4i$g2006^ ^£^i£#®1002, SI^SIJS 
^!S:i003£fl§ V\T, SHg-r — ^>n}C^ft--&Bif-^^CO,Cl ,D& 
[0184] 
[»9 3] 

Co = mog aoT mod n, 

d = m lS oir mod n, • • • (M9 3) 

2? = gr T mod n, 

[01 85] 

jcTttif-rs. 

[01 86] 



ffisl#2 000-301 1 57 
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[0 1 8 7] 
[0 18 8] 

(2) M#ffl!lS«200T?tt, ICjb- K500|*©fc-iHfc^©5004#, ^ ; EU502}C 
#fifS*lTV^±iBSJafflf«2007i: f ^^SE#|£5002, 3Hj&SI»#®5003i: £ 

[0 18 9] 
[«9 4 J 

m = C 0 D a ° + CiD 31 mod p • • * «9 4) 

[0 19 0] 
[0 1 9 1 ] 

£*>fc, IC*- K500ft<z>— ^iRittB9S5t#ia5008ti, 4*WffiftRT? fate 

fr<, K££fg#^e200tcffi:fr"f&c 

[0 19 2] 

^t, rausic, &sv^i, gij^^^tis. Rmmn-vm^itz 

[0 19 3] 

fc£«fcy, ^f-^n (0<m<2 k_1 ) Sr^gP'StB^ L & V^ 0 
[0 1 9 4] 

4 0 £IE#2 000-301 157: 



11-021254 



[0 19 5] 

[0 19 6] 
[0 19 7] 

(HWJio) 

> SUM-?-*" (0<m<n) IC^fLT, Bf-^^ (CO, CI ,D) £#Jf&-t£ 0 
[0 19 8] 

Ste#W^fi200©&-iHfc#®2004», JbSSSJ«BfflF«2007i:, ^mn^moo 

[0 19 9] 
[«9 5] 

m = Col? 30 + Ci-D 51 mod n ... (gc9 5) 



[0 2 0 0] 

CT, l©^:fc(C0,Cl Jtfa^^fe^-^m&fc^ffc-r*. 
[0 2 0 1 ] 

[0 2 0 2] 

11) 

4 1 ajfl# 2000-301 157 
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3^1002, m&WiW-^®.1003Zm^T, 
[0 2 0 3] 



[»9 6] 



W = g T mod n 



- GR9 6) 



[0 2 04] 

[0 2 0 5] 
[«9 7] 

g air mod n = W Q< mod n (0 < i < 1), • • • «9 7) 

mod n — mod n 

[0 2 0 6] 
[0 2 0 7] 

(nasffii 12) 

[0 2 0 8] 
[«9 8] 

j« r modn (0<«<1), <^ r mod n • • • 0R9 8) 



[0 2 0 9] 
[0210] 

(nas«ii3) 

4 2 &1E# 2000-301157 
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[0211] 

(1) ifi^©^f«yyi:lT, 
[0 2 12] 




[»99] 

• s e z, = l (e J7) 

• fi": subgroup of G 



(899) 



[0213] 

&SiufB8$&li (s,H) £ffr&U SfeJC, 
[0214] 

HRl 0 0] 

• g,h£G 

• G : finite group 



(tlOO) 




[0 2 15] 



(2) fulE3HI#&, m^Amm (g,h,G) fcJS^T, SLfBcr&jgtf, fusB^'fg-r 

-#m (mGH) fCo^T, f©-5f:£C,D£: 
[021 6 ] 



[Si o l] 

C = mV (€G), 
D = h r (6 G) 



(gUOl) 



[0217] 

(3) f(f|HSM#tt, firfB%&gl (s,H) SM^T, 



4 3 



ffiliE#2 000-301 1 572 
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- [0 2 1 8] 
C«l 0 2] 




[0 2 1 9] 
[0 2 2 0] 
[0 2 2 1] 

i. mzLj&mm 

[0 2 2 2] 




mi 03] 

• P; g:prime numbers 

• » e Z (pfc* = 1 (mod pq)) 

[0 2 2 3] 

fcSMflfSI (P,q,s) SflMfcU 

[0 2 2 4] 

[»1 0 4] 

• p, h, fc € Z (0 < ft < n) 

• 7i = p d g (d > 1) 



®103) 



(£SU04) 



[0 2 2 5] 

fc*&Bifil?K (n,g,h,k) (fiU kttp, qCDl^v h^*:*?-. ) , 

U202lC«Hft"t* o 



0lfiE#2 000-3011571 





4t¥ 1 1-02125 




[0 2 2 6] 



2. mu^itmm 

xmm (o<r<2 k_1 ) * : ?y#2±\zm& 0 $e>tc gi3#&sv^;i^#Bfre>± 



m^vmwm^nx, B£-5Hfc#^10O4, ^$^#181002, ffj5k?StW#4gl003£fg 

v^t, mm?-** (o<m<2 k_1 ) j^e>, ft#:fcc, d& 

[0 2 2 7] 




iaio5] 

c = 

D = 



tn y mod ti, 

h r mod n 



m.105) 



[0 2 2 8] 
[0 2 2 9] 

££{C, ifiC, D£Mfl^gl03£M^T ^01^300 £^bT^#B© 



[0 2 3 0] 



#|£2002, »^^ff#|§2003?:ffiVNT, 




[0 2 3 1 ] 



HSU o 6J 



m = CD* mod pg, 



(gfcl 06) 



[0 2 3 2 ] 

ti, 3 ^ iiK rBerlekamp,E.R. :Factoring Polynomials over Finite Field 



, Bell. Sys. Tech. J. 46, pp. 1853-1859 (1967)j K £ n#Bl 



urn 



ill* : 9if$fl&#, 



j ) . 



4 5 



ffi!E$#2 000-301 157: 



#5p 11-02125 



[0 2 3 3] 

[0 2 3 4] 
[0 2 3 5] 

O^KHMf/SUS*. c&Sm'£51tf, ^ > ^A^lSr' lC*f U (C f ,D* 

)&, 

[0 2 3 6] 

m i o 7] 

C = m / mod n, . . • Qgio7) 

D 1 — h r mod n 

[0 2 3 7] 

i:tMt§ t Hf-^S: (C ,D' ) *7;i3v XA i izxti IT, 

tt$*t-*. at$iT£j&:v^3p"C" c*fctt, m') ©tea 

[0 2 3 8] 

£7c, .hgE^fcfe&JS^tltf, semantic security^Diff ie-Hel lman$5t|?g®© 
[0 2 3 9] 

4 6 ffiliE# 2000-301 15 
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[0 24 0] 

, mfc#}T*lZ&<, «#JT&£ 0 .tot, #T £ IC SLIfc^# 3 

if L T I: |pJ_h $ it T ^ Z> „ 

[0 2 4 1] 
14) 

[0 24 2] 

i. it^f&^s 



[0 24 3] 

i 0 8] 

• p, q :prime numbers . . • OS 1 0 8 ) 

• s € Z (0*i s = 1 (mod pg)) 

[0244] 

fcSlfc&tiMB (p,q,s) &ffr£U 
[0 24 5] 
mi 0 9] 

• 5, ft, k € Z (0 < g, h < n) 

• n = p d q(d>l) -''(81109) 



[0 2 4 6] 

te&temmm (n, g ,h,k) «bl, kttp, q©bfvhss^-r. ) , 



♦ / : one-way function 



4 7 



miE4f 2 0 0 0- 3 0 1 1 5 7 ^ 
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2. moLvittem 

(1) 2HS#iWig«100W©a»*fiR#©100lS:MV%TfiE»r (0<r<2 k_1 ) £ 5? > 

S1O04, ^^^^151002, *[&ifc|):#«1003S:M^T, SHB-r-*- (0<m<2 k ~ 

[0 2 4 7] 
[ftl l 0] 



[0 2 4 8] 
[0 2 4 9] 

SfelC, HWC D&SfeIMl03&M^TMtelB*R300&^LTSig#Ba> 

S«#«!l^«200{C^#-r^ o 

[0 2 5 0] 
[0 2 5 1] 

(2) gfe#B&, IC3&- K500ftlCT«*#bTV>-6±IB8t?lffiS?82007fc, IC* 
- K500rt©t6-5-ft#Jg5004, ^ft^lT#S5002, SU&?Hlf[#^5004 V^T, 
[0 2 5 2] 

[Rill] 

m 2 = CD S modpg, • • • GRl 1 1) 

[0 2 5 3] 




• • • (1110) 
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[0 2 5 4] 

[0 2 5 5] 
[0 2 5 6] 

(H5£$ll5) 

[0 2 5 7] 

^i&M 1 3 IC V * T , d=l£U £lfs#», ^M^-^n (0<m<n) tC^LT, 
[0 2 5 8] 

[0 2 5 9] 
mi 12] 

m 2 = CD* mod n, • • ■• G&l 1 2) 



4 9 ffi$E4S 2000-301 1575 



11—021 25 



[0 2 6 0] 
[0 2 6 1 ] 

[0 2 6 2] 

[0 2 6 3] 
(IiMl6) 

[0 2 6 4] 



C»l 13] 



g T mod n, /T mod n 



mi 1 3) 



[0 2 6 5] 
[0 2 6 6] 

tT'iC^fei^Kl, Jtlfr&llififlUCfc^T, d (d^l) ©>fii£n<Z) 
[0 2 6 7] 
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[0 2 6 8] 
[0 2 6 9] 

[0 2 7 0] 

[0 2 7 1] 
[0 2 7 2] 

[0 2 7 3] 
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[si] 

% © mmm jc & w & i c# - f © m z ^ 1- m •*? & £ . 

[03] 

[04] 
[05] 

[06] 

[4f-5§-<Z)M] 

i o o -mm^mmw., ioi-^itiifiioort0cpu, 102-1 

itigiioo^^^'j, 1 0 3 -sfttffijigt 1 0 0 rt©af hi, 10 

0 ] -mmm-mmm i 0 0 i^slism^is, 3002 ■■■mmmmmu i oo^ 
©^^u^s, 1 0 0 0 ow©*o^?siir#©, 1004- 
mm^wmm 1 0 0 ft<Dm-%it^&, 200 -g«^«§§, 2 0 1 -gMfli 

ill OOftOCPU, 2 0 2—g:'fg#M^tt2 0 OftCD^y, 2 0 3 -ff 

0 op^©ii#^tt, 204 - fiMf 2 oort®ic*-Fy- 

#^>f*, 2 0 0 1 - Sff WSI2 0 0 2 00 2-SifW 

£fi 2 0 0 PW^mW-^®., 2 0 0 3 -^'fS^-M^S 2 0 0 f*g©!H&gi#t#© 

, 2 0 0 4 -^mmmmmz 0 ono'&mt^gL, 2 0 0 6-^wni36, 200 

5 0 0-Sft©ICA-K, 50 1-ICA-K5 0 0rt©C 
PU, 5 0 2- I C*— K5 0 0 WCD^^U, 5 0 3- 1 CA-K5 0 0ft©I 
/O, 5 0 0 1 ••• I C#- K 5 0 0 fa©St£jER#!a, 5002 — IC*-K50 
OfcfiD^^&^S, 5 0 0 3 - I C - F 5 0 0 ^©i^If 5 0 0 4 
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[04] 

04 



h=g mod n 



2s+1=0 (modL) 



W=g mod n 



C=mWmodn, D=W 2 mod n 



[05] 

IH5 









RSA 


tfy 2—1500 


& 400 


ElGamalB§"f| 


3000 


*S 1500 


EPE 


*?) 13 


ft 400 


EPOC 


j$ 230 


a 230 




*9 200 


ft 60 
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[06] 



a= 1 (mod p), a=0 (mod q), b = 0 (mod p), b= 1 (mod q) 












mi=CD mod n, m2=CD mod n 
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m=ami+bm2 mod n 
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Hft^ 1 1 — 0 2 1 2 5 4 



Sfe#flU$S«200£jg^T, MitU (p,q,s) feflMfcU 

i^lt (n,g,k) USU kf£p,qtf)tfy . 

mmmmmnioozm^T, sL^r (o<r<2 k-1 ) sit;, ang-?-* 
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